Documentation

bigip_device_sshd - Manage the SSHD settings of a BIG-IP

New in version 2.2.

Synopsis

  • Manage the SSHD settings of a BIG-IP

Options

parameter required default choices comments
allow
no
  • all
  • IP address, such as 172.27.1.10
  • IP range, such as 172.27.*.* or 172.27.0.0/255.255.0.0
Specifies, if you have enabled SSH access, the IP address or address range for other systems that can use SSH to communicate with this system.
banner
no
  • enabled
  • disabled
Whether to enable the banner or not.
banner_text
no
Specifies the text to include on the pre-login banner that displays when a user attempts to login to the system using SSH.
inactivity_timeout
no
Specifies the number of seconds before inactivity causes an SSH session to log out.
log_level
no
  • debug
  • debug1
  • debug2
  • debug3
  • error
  • fatal
  • info
  • quiet
  • verbose
Specifies the minimum SSHD message level to include in the system log.
login
no
  • enabled
  • disabled
Specifies, when checked enabled, that the system accepts SSH communications.
password
yes
The password for the user account used to connect to the BIG-IP. This option can be omitted if the environment variable F5_PASSWORD is set.
port
no
Port that you want the SSH daemon to run on.
server
yes
The BIG-IP host. This option can be omitted if the environment variable F5_SERVER is set.
server_port
(added in 2.2)
no 443
The BIG-IP server port. This option can be omitted if the environment variable F5_SERVER_PORT is set.
user
yes
The username to connect to the BIG-IP with. This user must have administrative privileges on the device. This option can be omitted if the environment variable F5_USER is set.
validate_certs
(added in 2.0)
no True
  • True
  • False
If no, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates. This option can be omitted if the environment variable F5_VALIDATE_CERTS is set.

Examples

- name: Set the banner for the SSHD service from a string
  bigip_device_sshd:
      banner: "enabled"
      banner_text: "banner text goes here"
      password: "secret"
      server: "lb.mydomain.com"
      user: "admin"
  delegate_to: localhost

- name: Set the banner for the SSHD service from a file
  bigip_device_sshd:
      banner: "enabled"
      banner_text: "{{ lookup('file', '/path/to/file') }}"
      password: "secret"
      server: "lb.mydomain.com"
      user: "admin"
  delegate_to: localhost

- name: Set the SSHD service to run on port 2222
  bigip_device_sshd:
      password: "secret"
      port: 2222
      server: "lb.mydomain.com"
      user: "admin"
  delegate_to: localhost

Return Values

Common return values are documented here Return Values, the following are the fields unique to this module:

name description returned type sample
log_level
The minimum SSHD message level to include in the system log.
changed string debug
allow
Specifies, if you have enabled SSH access, the IP address or address range for other systems that can use SSH to communicate with this system.
changed string 192.0.2.*
banner_text
Specifies the text included on the pre-login banner that displays when a user attempts to login to the system using SSH.
changed and success string This is a corporate device. Connecting to it without...
inactivity_timeout
The number of seconds before inactivity causes an SSH. session to log out.
changed int 10
login
Specifies that the system accepts SSH communications or not.
changed bool True
banner
Whether the banner is enabled or not.
changed string true
port
Port that you want the SSH daemon to run on.
changed int 22


Notes

Note

  • Requires the f5-sdk Python package on the host This is as easy as pip install f5-sdk.
  • Requires BIG-IP version 12.0.0 or greater

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.